Microsoft has said there is low risk of attackers exploiting Windows 10's Subsystem for Linux to allow malware to bypass security software—after researchers claimed 400 million computers could be at risk.

The Windows Subsystem for Linux (WSL), a feature of Windows 10 that allows it to run native Linux software and distros, could be exploited to run undetectable malware, security researchers at Check Point warned.

However, Microsoft and other security researchers have pointed out that the WSL is not enabled by default, and that a system would likely already have to be compromised to enable such an attack.

Researchers from Check Point outlined a four-stage 'Bashware' attack in which malware would enable the WSL, enable Windows 10's Developer Mode, install the Linux file system, and download and run Wine to run malware from inside a Linux distro.

"Existing security solutions are still not adapted to monitor processes of Linux executables running on Windows OS, a hybrid concept which allows a combination of Linux and Windows systems to run at the same time," say researchers in a blog post.

"This may open a door for cyber criminals wishing to run their malicious code undetected, and allow them to use the features provided by WSL to hide from security products that have not yet integrated the proper detection mechanisms.

"This means that Bashware may potentially affect any of the 400 million computers currently running Windows 10 PC globally."

Apart from the fact there are now 500 million devices running Windows 10, Microsoft also points out there are significant obstacles to carrying out such an attack in a fresh Windows 10 system.

"We reviewed and assessed this to be of low risk," said a Windows spokesperson.

"One would have to enable developer mode, then install the component, reboot, and install Windows Subsystem for Linux in order for this to be effective. Developer mode is not enabled by default."
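The prerequisites described above can be audited on an endpoint to see whether it is in the non-default state the attack depends on. The PowerShell below is an added example, not code from the article, Check Point or Microsoft; the function name `Get-WslExposure` is hypothetical, and the feature name, registry keys and folder it checks are the standard Windows 10 locations, not values given in the article.

```powershell
# Added example: reports which Bashware prerequisites named in the article
# are already present on this machine. Run from an elevated prompt, because
# Get-WindowsOptionalFeature -Online requires administrator rights.
function Get-WslExposure {
    [CmdletBinding()]
    param()

    # Prerequisite: the WSL optional feature (not enabled by default).
    # State can be Enabled, Disabled, or EnablePending (enabled, awaiting reboot).
    $feature = Get-WindowsOptionalFeature -Online `
        -FeatureName 'Microsoft-Windows-Subsystem-Linux' `
        -ErrorAction SilentlyContinue
    $wslState = if ($feature) { [string]$feature.State } else { 'NotPresent' }

    # Prerequisite: Developer Mode (not enabled by default).
    # A value of 1 means Developer Mode is on.
    $devKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock'
    $devVal = (Get-ItemProperty -Path $devKey `
        -Name 'AllowDevelopmentWithoutDevLicense' `
        -ErrorAction SilentlyContinue).AllowDevelopmentWithoutDevLicense
    $devMode = ($devVal -eq 1)

    # Prerequisite: an installed Linux file system. This is per user, so the
    # check covers only the account running the script.
    $legacyRoot = Join-Path $env:LOCALAPPDATA 'lxss'
    $lxssKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Lxss'
    $linuxFs    = (Test-Path $legacyRoot) -or (Test-Path $lxssKey)

    # Count how many of the non-default conditions are already satisfied.
    $met = @(($wslState -in 'Enabled', 'EnablePending'), $devMode, $linuxFs) |
        Where-Object { $_ }

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        WslFeatureState    = $wslState
        DeveloperMode      = $devMode
        LinuxFsInstalled   = $linuxFs
        PrerequisitesFound = @($met).Count   # 0 on a default install
    }
}

Get-WslExposure | Format-List
```

A result of `PrerequisitesFound = 0` matches the default configuration Microsoft describes; any other value on a machine that is not a developer workstation is worth investigating.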